Fuel dispensers dispense petroleum and alternative fuel products at retail service stations and convenience store operations around the world. Fuel dispensers have user interfaces, including displays and keypads, for effecting customer payment transactions. These user interfaces include credit/debit card magnetic readers for retrieving account information from the customer. Other point of sale (POS) terminals also include similar user interfaces.
These user interfaces, and in particular fuel dispenser interfaces accessible outside to the public, have become subject to attack by individuals desiring to acquire account information from customers. Display interfaces may be hacked to present false prompts to customers on the user interface in order to acquire this account information. When customers respond to these false prompts, their account information may be commandeered and used improperly and fraudulently.
This potential for tampering has resulted in certain physical security measures being adopted for fuel dispenser user interfaces. These physical security measures include mounting the display within a secure enclosure with the display controller. Alternatively, the display has been mounted to a secure enclosure and the display controller has been placed within the secure enclosure. In either case, the data and control lines for the display are not exposed and cannot be as easily hacked. However, these physical security measures have imposed undesirable physical limitations on mounting locations for these displays. As well, the display cannot be located remotely from the display controller with these solutions because the ribbon cable that connects the display controller to the display would be exposed. The exposed ribbon cable can be easily mounted with a hacking device to display false prompts to a customer.
Credit card processing companies have recognized and responded to the problem associated with user interfaces at point of sale (POS) systems, such as fuel dispensers, by generating new standards for security at these user interfaces. Applicant hereby incorporates by reference the document “Payment Card Industry (PCI): POS PIN Entry Device Derived Test Requirements,” Version 1.2, dated September, 2004, as if fully set forth herein. These new standards require POS systems to ensure that data sent to the display is not intercepted and replaced with other data. Mechanisms for ensuring the authenticity and proper use of any prompts that are displayed to users of POS systems must be implemented and modification or improper use of the prompts must be prevented. Further, capabilities must be provided for detecting that the display has not been tampered with or removed from its original mounting location. The secure enclosure must be tamper proof and must include tamper detection circuitry. The display data cable that attaches to the display must be protected at the display interface.
Accordingly, an approach for remotely mounting a display and for providing tamper and removal detection for the display while meeting the new secure processing requirements is needed.